Wi-Fi Hotspots and Routers at Risk from Malware that Spreads Like Common Cold

Malware can spread like the common cold over Wi-Fi due to inadequate intrusion prevention technology

University of Liverpool researchers have discovered that malware can be spread very quickly wirelessly using Wi-Fi access points that connect homes and businesses to networks, similar to the way that the common cold spreads amongst humans, supporting claims that internet router protection technology needs to be greatly improved.

In a lab-simulated attack on London and Belfast with a specially designed piece of malware called "Chameleon", the scientists discovered that the malware could spread quickly across Wi-Fi networks connectable within a 10-50 metre radius.

Densely populated areas usually have more access points and hotspots in close proximity to each other and the virus attacked any Wi-Fi access points that were not strongly protected by encryption and passwords, such as free open-access Wi-Fi offered by airports and coffee shops.

Malware hides undetected in Wi-Fi

What makes the virus such a threat is the fact that it is able to stay undetected by the anti-virus software on computers and the internet as the virus always stays in the Wi-Fi network. Wi-Fi access points are usually left to run unmanaged as long as the signal is working.

Using London as an example of the risk, even if only 5-10% of all hotspots were infected, that would still mean several thousand access points could be compromised.

"When Chameleon attacked an access point it didn't affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it. The virus then sought out other Wi-Fi access points that it could connect to and infect," said Alan Marshall, professor of network security at the University of Liverpool.

"It was assumed, however, that it wasn't possible to develop a virus that could attack Wi-Fi networks but we demonstrated that this is possible and that it can spread quickly."

Internet router security must improve

Marshall is working together with Traffic Observation and Management (TOM), a spin-off from Queen's University in Belfast, Northern Ireland, to create intrusion prevention technology that can be embedded into Wi-Fi access points and routers to prevent attacks.

Security firm Tripwire published a report on the state of home wireless routers, which found software vulnerabilities in 75% of the top 50 best-selling internet routers on Amazon that would make it easy for hackers to exploit.

Once internet routers are set up, as long as the Wi-Fi and internet continues to work, the routers are usually left on their own. No software updates are downloaded, and Tripwire found that most users don't change the default router admin password or the default 192.168.1.x router IP address.

"Users don't change the default administrator passwords or the default IPs in these devices and this behaviour, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," said Tripwire researcher Craig Young.